Commit Graph

1833 Commits

Author SHA1 Message Date
elcore
91ff734327 Implement curve X25519 (Golang 1.8) (#1376)
* Implement curve X25519

* caddytls: Added a default curves list

* caddytls: Improve tests
2017-02-16 17:19:58 -07:00
Matt Holt
524dcee9f6 Merge pull request #1373 from mholt/go18shutdown
Replace our old faithful gracefulListener with Go 1.8's Shutdown()
2017-02-16 16:56:05 -07:00
Matt Holt
0cc48e849c Merge pull request #1374 from mholt/go18timeouts
Set Go 1.8's ReadHeaderTimeout and IdleTimeout
2017-02-16 16:51:00 -07:00
Matt Holt
58b2edd229 Merge pull request #1354 from mholt/keyrotationfix
Set session ticket keys properly (fixed in Go 1.8)
2017-02-16 16:43:02 -07:00
Matt Holt
6271abb22a Update CI to use Go 1.8 (#1444) 2017-02-16 16:37:12 -07:00
Toby Allen
58053fce48 Merge branch 'master' into go18shutdown 2017-02-16 22:46:11 +00:00
Alex Harrington
55bded68c2 fixing panic when root is symlink (#1429)
* fixing panic when root is symlink
checking root path is a symlink before os.Stat which panics

* fixing formatting

* adding test to verify symlink root path check

* fixing typo
2017-02-15 22:02:51 -07:00
Augusto Roman
dc3efc939c Add request placeholder support for querying request cookies. (#1392)
* Add request placeholder support for querying request cookies.

This adds the ability to query the request cookies for placeholders
using the syntax "@cookiename".

For example, this would allow rewriting based on a cookie:
  rewrite {
    if @version is 'dev'
    to /dev/index.html
  }

* Switch cookie special char from @ to :

* Switch special char for cookies from : to ~
2017-02-15 21:59:24 -07:00
Matt Holt
bdb61f4a1d Merge pull request #1409 from mastercactapus/not_a_directory
return 404 for "not a directory" errors
2017-02-15 18:34:01 -07:00
Matt Holt
1183d91c7b Merge pull request #1365 from tw4452852/1297
redirect: determine the FromScheme at runtime (#1297)
2017-02-15 17:59:29 -07:00
Augusto Roman
463c9d9dd2 Fix data race for max connection limiting in proxy directive. (#1438)
* Fix data race for max connection limiting in proxy directive.

The Conns and Unhealthy fields are updated concurrently across all active
requests.  Because of this, they must use atomic operations for reads and
writes.

Prior to this change, Conns was incremented atomically, but read unsafely.
Unhealthly was updated & read unsafely.  The new test
TestReverseProxyMaxConnLimit exposes this race when run with -race.

Switching to atomic operations makes the race detector happy.

* oops, remove leftover dead code.
2017-02-15 08:09:42 -07:00
Matt Holt
1bd9e9e590 Merge pull request #1436 from rohanpai/master
Added Sourcegraph badge to README
2017-02-14 16:32:55 -07:00
Rohan Pai
b650a26727 Added Sourcegraph badge to README 2017-02-14 14:32:12 -08:00
Matt Holt
943ed931db Merge pull request #1425 from jung-kurt/cgi
httpserver: Register cgi plugin
2017-02-14 06:59:32 -07:00
Toby Allen
2417d70bcb Merge pull request #1431 from mholt/issue1388c
Fix for #1388 starting with no Caddyfile
2017-02-14 10:23:46 +00:00
Toby Allen
1a7612071a remove whitespace 2017-02-13 21:28:19 +00:00
Toby Allen
5072d70f38 Fix for #1388 dont attempt to hide Caddyfile if non existant 2017-02-13 21:22:19 +00:00
Kurt
b210101f45 Register cgi plugin 2017-02-11 09:38:25 -05:00
Nathan Caza
18edf5864e add fix from golang/go 2017-02-10 21:02:00 -06:00
Julian V. Modesto
ce7d3db1be Roll all logs by default (#1379)
* Use new subdirectives and flatten rolling config

* Set default rotate config

* Set default rolling config (hopefully) errwhere

* Make private

* Flatten errors directive and remove c.IncrNest()

* Don't skip first error log roller subdirective we see

* Remove hadBlock

* Try lumberjack import

* Unname import
2017-02-08 09:23:33 -07:00
Mateusz Gajewski
f32eed1912 Feature #1246 - Remote syslog (#1301)
* Remote syslog

* golint

* Initialize mutex
2017-02-08 08:02:09 -07:00
Matt Holt
cdb79a60f2 Merge pull request #1410 from JRaspass/patch-1
Replace magic number 308 with http.StatusPermanentRedirect
2017-02-07 17:10:05 -07:00
James Raspass
7419573266 Replace magic number 308 with http.StatusPermanentRedirect 2017-02-07 23:55:36 +00:00
Matt Holt
d8f92baee2 Merge pull request #1404 from mholt/combinedrollers
Create only one log roller per file across whole process (fixes #1363)
2017-02-06 20:08:50 -07:00
Toby Allen
9e9298ee5d Added additional - to common log file format (#1399) 2017-02-04 15:29:29 -07:00
Matt Holt
dc6c986b3f Merge pull request #1381 from tw4452852/958
httpserver: support QUIC reload
2017-01-28 09:40:14 -07:00
Tw
65cb966d38 httpserver: support QUIC reload
fix issue #958

Signed-off-by: Tw <tw19881113@gmail.com>
2017-01-28 19:41:24 +08:00
Matthew Holt
d264a2cf0a
Set Go 1.8's ReadHeaderTimeout and IdleTimeout 2017-01-24 20:09:03 -07:00
Matthew Holt
139a3cfb13
Replace our old faithful gracefulListener with Go 1.8's Shutdown() 2017-01-24 20:05:53 -07:00
Matthew Holt
04da9c7374
Create only one log roller per file across whole process (fixes #1363) 2017-01-24 19:16:54 -07:00
Matthew Holt
16250da3f0
errors: Fix low risk race condition at server close
See issue #1371 for more information.
2017-01-24 19:09:44 -07:00
Matthew Holt
45a0e4cf49
log: Fix race when stopping server
High improbability of being an actual problem. Logs are safe for
concurrent use, but os.Files are apparently not... Fixes #1371.
2017-01-24 18:48:19 -07:00
Matthew Holt
e14a62f188
pprof: Set proper Content-Type header
The standard lib pprof library doesn't set its own Content-Type header
properly. If pprof is used with gzip, the index endpoint will be
interpreted as a .gz file; so we force its hand and set the header.
2017-01-24 16:55:43 -07:00
Matthew Holt
94e382ef0a
Version 0.9.5 2017-01-24 08:29:01 -07:00
Matt Holt
d8d339740b New 'timeouts' directive to configure timeouts; default timeouts enabled (#1368) 2017-01-24 08:15:25 -07:00
Matthew Holt
205aee6662
Godoc comment; report -validate results to stdout too 2017-01-23 23:48:12 -07:00
Matthew Holt
62fea30e87
browse: Sanitize file names and links in default template
Thanks to Kevin Froman (@beardog108) for the responsible heads up.
2017-01-23 22:37:46 -07:00
Toby Allen
bbee961415 Introduce new Replacer fields {rewrite_path}, {rewrite_path_escaped}; issue #1185 (#1364)
* Fix #1185

* Return normal path if no rewrite has happened

* Revert change, not required

* Updated tests
2017-01-23 22:15:27 -07:00
Matthew Holt
59e6ceb518
Minor test cleanup 2017-01-23 22:06:55 -07:00
Matthew Holt
82929b122a
Ensure active Caddyfile, if in site, is hidden no matter the cwd 2017-01-23 22:06:29 -07:00
Tw
38c76647c9 proxy: use a new context for the outgoing request (#1358)
* proxy: use a new context for the outgoing request

fix issue #1345

Signed-off-by: Tw <tw19881113@gmail.com>

* proxy: add test for canceling the request

Signed-off-by: Tw <tw19881113@gmail.com>
2017-01-23 18:03:42 -07:00
Matt Holt
696b46f075 Merge pull request #1356 from mholt/fix_hijack
proxy: Fixed #1352: invalid use of the HTTP hijacker
2017-01-23 09:40:47 -07:00
Peer Beckmann
e5ef285e59 Generate meta elements from prelude items description and keywords (#1335)
* Generate meta elements from useful front matters.
Limited to the default template and specific elements.

* Rerun gofmt

* Add "keywords" and remove "language" to/from the list of meta tags.

* Add a simple positive list test for the meta tag generation.

* Move the meta tag list to a var at the begin of the file.
Seperate the Meta tags from the other front matters:
	- Don't override user settings with name `meta`
	- Cleaner Code.

* Remove the uneccessary `[:]` in the []Bytes to String casting.
@mholt was right ;)

* One minor refinement. Combining two statements.
2017-01-22 19:16:38 -07:00
Matthew Holt
11adb2e5a7
tls: Always stop and report cert renewal error if operator is present 2017-01-21 15:14:04 -07:00
Matt Holt
9369b81498 Merge pull request #1366 from mholt/tls-sni-renew-fix
tls: Fix background certificate renewals that use TLS-SNI challenge
2017-01-21 15:05:22 -07:00
Matthew Holt
0e34c7c970
tls: Fix background certificate renewals that use TLS-SNI challenge
The loop which performs renewals in the background obtains a read lock
on the certificate cache map, so that it can be safely iterated. Before
this fix, it would obtain the renewals in the read lock. This has been
fine, except that the TLS-SNI challenge, when invoked after Caddy has
already started, requires adding a certificate to the cache. Doing this
requires an exclusive write lock. But it cannot obtain a write lock
because a read lock is obtained higher in the stack, while the loop
iterates. In other words, it's a deadlock.

I was able to reproduce this issue consistently locally, after jumping
through many hoops to force a renewal in a short time that bypasses
Let's Encrypt's authz caching. I was also able to verify that by queuing
renewals (like we do deletions and OCSP updates), lock contention is
relieved and the deadlock is avoided.

This only affects background renewals where the TLS-SNI(-01) challenge
are used. Users report seeing strange errors in the logs after this
happens ("tls: client offered an unsupported, maximum protocol version
of 301"), but I was not able to reproduce these locally. I was also not
able to reproduce the leak of sockets which are left in CLOSE_WAIT.
I am not sure if those are symptoms of running in production on Linux
and are related to this bug, or not.

Either way, this is an important fix. I do not yet know the ripple
effects this will have on other symptoms we've been chasing. But it
definitely resolves a deadlock during renewals.
2017-01-21 14:39:36 -07:00
Tw
eeb23a2469 redirect: determine the FromScheme at runtime (#1297)
Signed-off-by: Tw <tw19881113@gmail.com>
2017-01-21 09:53:44 +08:00
Tw
ecf852ea43 proxy: fix TestReverseProxy failure on go tip (#1360)
Because of this commit(6e36811c37399d60cbce587b7c48e611009c5aec) on go tip,
it will probe the request's body to determine whether to use chunked transfer
encoding which trailers depend on it.
So we just offer a non empty body to make trailers work.

fix issue #1359

Signed-off-by: Tw <tw19881113@gmail.com>
2017-01-18 15:34:25 -07:00
Mike Pastore
6bac558c98 Add root option to fastcgi directive (#1337) 2017-01-17 10:34:17 -07:00
Leonard Hecker
ae10122f7e proxy: Fixed #1352: invalid use of the HTTP hijacker 2017-01-17 15:55:11 +01:00